Enumeration
Exploitation
Post exploitation
File transfer
Misc
Tools
Tools
Seeds/Roots
ASN Enumeratiom
- bgp.he.net
- Asnlookup
- Metabigor
Reverse WHOIS
- whoxy.com
- DOMLink
Ad/Analytics Relationships
- getrelationship.py
Google-Fu
- Copyright text
- Terms of service text
- Privacy policy test
Subs
Linked and JS Discovery
- Burp Suite Pro (or ZAP Proxy?)
- GoSpider
- hakrawler
- Subdomainizer
- subscraper
Subdomain Scraping
1
site:twitch-tv -www.twicht.tv
Copied!
1
site:twitch-tv -www.twicht.tv -watch.twitch.tv
Copied!
- Amass
amass enum ... - Subfinder v2
- github-subdomains.py
- github-search (unstable -> run multiple times)
- shosubgo
- Cloud Ranges (scan all AWS, Azure, etc. check SSL certs for "target")
Subdomain Bruting
- Massdns
- Amass
amass enum -brute -d twitch.tv -src - aisdnsbrute
- shuffleDNS
- altdns
Wordlists
- all.txt
- AssetNote -> commonspeak2
Favicon Analysis
- favfreak
Port Analysis
- Nmap
- masscan (faster than Nmap)
- dnmasscan
- Brutespray
GitHub Dorking
- github-search
Screenshotting
- Aquatone
- Eyewitness
- httpscreenshot
- WitnessMe
Subdomain takeover
- can-i-take-over-xyz
- Nuclei
- SubOver
Automation++
- interlace
- Tools by TomNomNom (eg httpprobe, mage)
Frameworks
S-Tier
- Bunty.offensiveai.com (paid)
- Scout (paid)
A-Tier
B-Tier
C-Tier
MISC (to be cleaned up)
- WebScarab
- Recon-ng
- GitRob
- OnlineHashCrack.com
- idb
- Wireshark
- Bucket Finder
- Race the Web
- Google Dorks
- JD GUI
- Mobile Security Framework
- Ysoserial
Last modified 16d ago